From: "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca>
To: Christoph Hellwig <hch@lst.de>
Cc: Alexey Dobriyan <adobriyan@gmail.com>,
Kees Cook <keescook@chromium.org>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
Luis Chamberlain <mcgrof@kernel.org>,
Andrey Ignatov <rdna@fb.com>, Al Viro <viro@zeniv.linux.org.uk>,
Iurii Zaikin <yzaikin@google.com>
Subject: Re: [PATCH] proc_sysctl: clamp sizes using table->maxlen
Date: Sat, 27 Feb 2021 09:41:36 -0500
Message-ID: <1614436629.aqa2hys64t.none@localhost>
In-Reply-To: <20210216084728.GA23731@lst.de>

Excerpts from Christoph Hellwig's message of February 16, 2021 3:47 am:
> How do these maxlen = 0 entries even survive the sysctl_check_table
> check?

maxlen!=0 is only checked for "default" handlers, e.g. proc_dostring,
proc_dointvec. it is not checked for non-default handlers, because some
of them use fixed lengths.

my patch is not correct though because some drivers neither set proper
maxlen nor use memcpy themselves; instead, they construct a ctl_table on
the stack and call proc_*.

> Please split this into one patch for each subsystem that sets maxlen
> to 0 and the actual change to proc_sysctl.c.

I will do this with a new patch version once I figure out a way to
comprehensively fix all the drivers setting bogus values for maxlen
(sometimes maxlen=0 is valid if only blank writes are permitted, and
some drivers set random values which have no relation to the actual read
size).

Thank you for the review.
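
The behaviour described in the message above, as a userspace model added here for illustration; it is not code from the thread or from the kernel. It assumes a registration check that requires maxlen != 0 only for a default handler and a read path that can cap the requested size at maxlen; all model_* names and the 8-byte payload are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Userspace model, not kernel code; every model_* name is hypothetical. */
struct model_table;
typedef int (*model_handler)(const struct model_table *, char *, size_t *);
struct model_table {
    const char *procname; void *data; size_t maxlen; model_handler handler;
};
/* Stand-in for a default handler: copies at most maxlen bytes of data. */
static int model_default(const struct model_table *t, char *buf, size_t *len)
{
    size_t n = t->maxlen < *len ? t->maxlen : *len;
    memcpy(buf, t->data, n);
    *len = n;
    return 0;
}

/* Stand-in for a driver handler with a fixed length that ignores maxlen. */
static int model_fixed8(const struct model_table *t, char *buf, size_t *len)
{
    (void)t;
    if (*len < 8) return -1;     /* caller's size is too small */
    memcpy(buf, "ABCDEFGH", 8);  /* constructed sample payload */
    *len = 8;
    return 0;
}

/* Registration check: maxlen != 0 is enforced only for default handlers. */
static int model_check_table(const struct model_table *t)
{
    if (!t->handler) return -1;
    if (t->handler == model_default && (!t->data || !t->maxlen)) return -1;
    return 0;
}

/* Read path: when clamp is set, the requested size is capped at maxlen. */
static long model_read(const struct model_table *t, char *buf, size_t count, int clamp)
{
    if (clamp && count > t->maxlen) count = t->maxlen;
    return t->handler(t, buf, &count) ? -1 : (long)count;
}

int main(void)
{
    char buf[32];
    struct model_table drv = { "drv", NULL, 0, model_fixed8 };
    printf("check=%d unclamped=%ld clamped=%ld\n", model_check_table(&drv),
           model_read(&drv, buf, sizeof buf, 0), model_read(&drv, buf, sizeof buf, 1));
}
```

The entry with maxlen = 0 and a fixed-length handler passes the check and reads 8 bytes without the clamp, but fails once the size is capped at maxlen.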